🟠 High | Source: The Register — Security
Japanese telecoms giant KDDI has exposed the email credentials of approximately 14.2 million users across five ISPs it manages, in what appears to be a significant data breach. The incident affects managed email account details, meaning affected users face risks including account takeover, phishing, and downstream compromise of services tied to those email addresses. The scale of exposure and the number of ISPs involved amplify the potential blast radius considerably.
Security Architect’s Take: If your organisation uses KDDI-managed email services or has staff who do, enforce immediate password resets and review MFA coverage across email-dependent authentication flows. More broadly, audit any third-party managed email or identity services in your supply chain for equivalent credential exposure risks.
Original advisory: You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials